On 4/12/06, Blake B. <shadoi at nanovoid.com> wrote:
> I agree with that completely. But I like simplicity. I just use
> rate-limiting; I get maybe 2 or 3 attempts at SSH on port 22 a day.
> With this method they give up very quickly.
>
> sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW \
>     -m recent --set
> sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW \
>     -m recent --update --seconds 60 --hitcount 4 -j DROP
>
> Anything that hits port 22 more than 4 times within 60 seconds gets
> blocked. This is obviously vulnerable to throttling the attacks, but
> it's always automated, and they're usually only interested in the
> low-hanging fruit.
>
> -Blake
This is cool. Is the rate-limiting on port 22 only blocking the IP of
the offending connection? *or* does it block port 22 for *everyone* if
there are too many incoming connections?
Chris
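The `-m recent` match used in the quoted rules keeps one entry per source address (`--rsource` is its default), so the `--hitcount` threshold only ever affects the address that crossed it; other clients connecting to port 22 are unaffected. The following Python model of those two rules is an added example, not code from this thread. The `RecentList` class, the constructed connection sequence and the two IP addresses are assumptions made for illustration, and the model reduces the kernel's `xt_recent` list to the parts the rules exercise.

```python
"""Model of the two iptables rules quoted above (added example, not code
from the thread):

  iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
  iptables -I INPUT -p tcp --dport 22 -m state --state NEW \
      -m recent --update --seconds 60 --hitcount 4 -j DROP

Because the second `-I` lands above the first, every NEW SYN to port 22 is
checked by --update first and, if that does not match, recorded by --set.
xt_recent keys its list by source address (--rsource is the default), which
is what this model reproduces: one timestamp list per source IP.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # --seconds 60
HITCOUNT = 4          # --hitcount 4
PKT_LIST_TOT = 20     # kernel default ip_pkt_list_tot: stamps kept per address


class RecentList:
    """Simplified stand-in for /proc/net/xt_recent/DEFAULT (assumption: the
    overall LRU size limit of the real list is ignored; only per-IP stamps
    matter for the question at hand)."""

    def __init__(self, seconds=WINDOW_SECONDS, hitcount=HITCOUNT):
        self.seconds = seconds
        self.hitcount = hitcount
        # source IP -> timestamps of recorded hits, oldest first
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def new_connection(self, src, now):
        """Verdict for one NEW TCP connection to port 22 from `src` at `now`."""
        stamps = self.stamps[src]
        hits_in_window = sum(1 for t in stamps if now - t <= self.seconds)
        # --update --seconds 60 --hitcount 4 -j DROP: matches only when this
        # source already has >= 4 hits inside the window. A match also adds a
        # fresh stamp, so a source that keeps hammering stays blocked.
        if hits_in_window >= self.hitcount:
            stamps.append(now)
            return "DROP"
        # --set: record the hit; the packet then continues down the chain
        # (assumed to be accepted here).
        stamps.append(now)
        return "ACCEPT"


# Constructed sequence of (seconds, source IP) for NEW connections to :22.
EVENTS = [
    (0, "198.51.100.7"),    # brute-forcer, attempts 1-4 are let through
    (5, "198.51.100.7"),
    (10, "198.51.100.7"),
    (15, "198.51.100.7"),
    (20, "198.51.100.7"),   # 5th hit within 60 s: dropped
    (25, "203.0.113.9"),    # a different client: not affected
    (30, "198.51.100.7"),   # still dropped, and the block is refreshed
    (100, "203.0.113.9"),   # other client still fine
    (200, "198.51.100.7"),  # attacker quiet for > 60 s: window has cleared
]


def verdicts(events=EVENTS):
    """Run the constructed events through the model and return the verdicts."""
    rl = RecentList()
    return [(t, src, rl.new_connection(src, t)) for t, src in events]


if __name__ == "__main__":
    for t, src, verdict in verdicts():
        print(f"t={t:>3}s  {src:<14} {verdict}")
```

Running it shows the first four attempts from `198.51.100.7` accepted, the fifth and later ones dropped while `203.0.113.9` is never touched, and the attacker admitted again once it has been silent for longer than the 60-second window. Two details of the real module are worth keeping in mind when reading such rules: the `--update` rule refreshes the entry on every dropped packet, so a source that keeps retrying extends its own block, and a throttled attacker who spaces attempts more than 60 seconds apart never reaches the threshold, which is the limitation Blake points out.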